diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-02-24 21:16:59 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-24 21:16:59 +0000 |
commit | c310495149a0c96c5b4987b583757a1f3a5b2c58 (patch) | |
tree | 8135e788d0e1cee8b59d704a915533cc38b739cb | |
parent | Harden enchant.profile (#2455) (diff) | |
download | firejail-c310495149a0c96c5b4987b583757a1f3a5b2c58.tar.gz firejail-c310495149a0c96c5b4987b583757a1f3a5b2c58.tar.zst firejail-c310495149a0c96c5b4987b583757a1f3a5b2c58.zip |
Harden exiftool.profile (#2456)
-rw-r--r-- | etc/exiftool.profile | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 37e01f8d3..1838ce273 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
@@ -19,7 +19,10 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | apparmor | ||
22 | caps.drop all | 23 | caps.drop all |
24 | ipc-namespace | ||
25 | machine-id | ||
23 | net none | 26 | net none |
24 | no3d | 27 | no3d |
25 | nodbus | 28 | nodbus |
@@ -36,8 +39,12 @@ seccomp | |||
36 | shell none | 39 | shell none |
37 | tracelog | 40 | tracelog |
38 | 41 | ||
39 | # private-bin exiftool,perl | 42 | private-bin exiftool,perl |
40 | private-cache | 43 | private-cache |
41 | private-dev | 44 | private-dev |
42 | private-etc alternatives | 45 | private-etc alternatives |
43 | private-tmp | 46 | private-tmp |
47 | |||
48 | memory-deny-write-execute | ||
49 | noexec ${HOME} | ||
50 | noexec /tmp | ||